package com.framewiki.example.service;

import com.cdkjframework.datasource.jpa.builder.JpaCriteriaBuilder;
import com.cdkjframework.oauth2.entity.ClientDetails;
import com.cdkjframework.oauth2.repository.OAuth2ClientRepository;
import com.cdkjframework.util.tool.CopyUtils;
import com.cdkjframework.util.tool.StringUtils;
import com.framewiki.example.entity.RmsClientDetailsEntity;
import com.framewiki.example.repository.RmsClientDetailsRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.Optional;
import java.util.UUID;

/**
 * @ProjectName: framewiki-example
 * @Package: com.framewiki.example.service
 * @ClassName: OAuth2ClientRepositoryImpl
 * @Description: java类作用描述
 * @Author: xiaLin
 * @Date: 2025/8/27 20:55
 * @Version: 1.0
 */
@Service
@RequiredArgsConstructor
public class OAuth2ClientRepositoryImpl implements OAuth2ClientRepository {

  /**
   * 认证服务客户端详情仓库
   */
  private final RmsClientDetailsRepository rmsClientDetailsRepository;

  /**
   * 根据客户端ID查找客户端详情
   *
   * @param clientId 客户端ID
   * @return 客户端详情
   */
  @Override
  public Optional<ClientDetails> findByClientId(String clientId) {
    // 创建查询条件
    JpaCriteriaBuilder<RmsClientDetailsEntity> builder = JpaCriteriaBuilder.Builder();
    builder = builder.equal(RmsClientDetailsEntity.CLIENT_ID, clientId);
    Optional<RmsClientDetailsEntity> optional = rmsClientDetailsRepository.findOne(builder.build());
    // 转换为客户端详情
    RmsClientDetailsEntity details = optional.orElse(null);
    return Optional.ofNullable(ClientDetails.builder().id(details.getId())
        .clientId(clientId)
        // {noop}表示密码不加密
        .clientSecret(details.getClientSecret())
        .clientAuthenticationMethods(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.toString())
        .authorizationGrantTypes(details.getAuthorizedGrantTypes())
        .redirectUris(details.getRedirectUri())
        .scopes(details.getScopes())
        .clientSettings("{ \"requireProofKey\": true, \"requireAuthorizationConsent\": true }")
        .tokenSettings("{ \"accessTokenTimeToLive\": 3600, \"refreshTokenTimeToLive\": 86400 }")
        .build());
  }

  /**
   * 保存客户端详情
   *
   * @param clientDetails 客户端详情
   */
  @Override
  public void save(ClientDetails clientDetails) {
    rmsClientDetailsRepository.save(CopyUtils.copyNoNullProperties(clientDetails, RmsClientDetailsEntity.class));
  }

  /**
   * 根据ID查找客户端详情
   *
   * @param id 客户端ID
   * @return 客户端详情
   */
  @Override
  public Optional<ClientDetails> findById(String id) {
    Optional<RmsClientDetailsEntity> optional = rmsClientDetailsRepository.findById(id);
    if (optional.isEmpty()) {
      return Optional.empty();
    }
    RmsClientDetailsEntity details = optional.orElse(null);
    return Optional.ofNullable(ClientDetails.builder().id(id)
        .clientId(details.getClientId())
        // {noop}表示密码不加密
        .clientSecret(details.getClientSecret())
        .clientAuthenticationMethods(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.toString())
        .authorizationGrantTypes(details.getAuthorizedGrantTypes())
        .redirectUris(details.getRedirectUri())
        .scopes(details.getScopes())
        .clientSettings("{ \"requireProofKey\": true, \"requireAuthorizationConsent\": true }")
        .tokenSettings("{ \"accessTokenTimeToLive\": 3600, \"refreshTokenTimeToLive\": 86400 }")
        .build());
  }
}
